Sanctions Screening: Best Practices and Common Pitfalls
Sanctions compliance is the area of AML where regulatory tolerance is lowest and enforcement consequences are highest. A single processed payment to a sanctioned party can trigger penalties that run into hundreds of millions, sometimes billions, of dollars. At the same time, the day-to-day operation of a sanctions screening program is one of the noisiest activities in compliance: most programs generate hundreds of false-positive name matches for every genuine sanctions hit.
The disciplines that separate effective sanctions programs from struggling ones are the same across institutions. They focus on screening accuracy, list management, and clear escalation.
The Lists That Matter
A complete sanctions screening program covers, at minimum: the OFAC Specially Designated Nationals (SDN) list and the related sectoral sanctions identifications; the UK Office of Financial Sanctions Implementation (OFSI) consolidated list; the EU consolidated financial sanctions list; the UN Security Council consolidated list; and any local list applicable to the jurisdictions in which the firm operates.
Most institutions also screen against domestic PEP lists, adverse media databases, and internal watchlists, though these are not strictly sanctions lists. The screening engine is typically the same; the disposition logic differs.
Programs operating in higher-risk geographies or sectors usually expand coverage further, including export control lists, defense end-user lists, and country-specific sanctions regimes related to Russia, Iran, North Korea, Belarus, and others.
When to Screen
Screening must occur at three points in the customer and transaction lifecycle:
Onboarding. Every customer, beneficial owner, controller, and connected party is screened before account opening.
Ongoing. The full customer book is rescreened against updated lists, typically daily or whenever a list update is published. This catches the case where a customer who was clean at onboarding is later added to a sanctions list.
Transactional. Each payment, including both originator and beneficiary names, is screened in real time before processing. This is where the operational pressure is highest, because false-positive holds create payment delays.
Common Failure Modes
Aliases and transliteration variants are missed. Sanctions targets often have multiple aliases, transliterations from non-Latin scripts, and historical name variants. Screening engines need to be configured with appropriate fuzzy logic and to use comprehensive alias data.
The 50 Percent Rule is not applied correctly. Under OFAC's 50 Percent Rule (and equivalents in other jurisdictions), entities owned 50 percent or more by sanctioned persons are themselves sanctioned, even if not specifically listed. Failure to investigate corporate ownership chains for indirect exposure is one of the most common findings in OFAC enforcement actions.
Watchlist updates are delayed. Sanctions lists update frequently, sometimes multiple times in a day. Programs that rely on weekly batch updates are exposed to processing transactions for parties who were sanctioned earlier the same day.
Escalation criteria are unclear. A potential sanctions hit needs to be cleared by someone with authority and training. Unclear escalation criteria lead either to true hits being closed by inexperienced staff or to genuine matches being delayed while the right reviewer is found.
Documentation of disposition is weak. Every closed sanctions alert needs a clear written disposition. "Not a match" is not a disposition. Regulators expect to see the basis for the conclusion: what name comparison was performed, what additional data was considered, and why the alert was concluded as a false positive.
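The ownership-chain check behind the 50 Percent Rule item above, as an added example (not code from the original article). It assumes stakes held by blocked parties are summed per entity and that an entity crossing the threshold then counts as blocked for its own holdings; all entity names and percentages are constructed.

```python
from collections import defaultdict

THRESHOLD = 50.0  # percent, from the 50 Percent Rule described above

def ownership_exposure(listed, holdings):
    """holdings: (owner, entity, percent) direct stakes.
    Returns {entity: (percent held by blocked owners, blocked_by_ownership)}."""
    blocked = set(listed)
    while True:
        # Sum, per entity, the direct stakes held by currently blocked owners.
        totals = defaultdict(float)
        for owner, entity, pct in holdings:
            if owner in blocked:
                totals[entity] += pct
        newly = {e for e, t in totals.items() if t >= THRESHOLD and e not in blocked}
        if not newly:
            break  # fixpoint reached; also terminates on circular ownership
        blocked |= newly  # their own holdings now count in the next pass
    return {e: (t, e in blocked) for e, t in totals.items() if e not in listed}

# Constructed sample data: names and percentages are illustrative only.
LISTED = {"PERSON_X", "PERSON_Y"}
HOLDINGS = [
    ("PERSON_X", "A", 50.0), ("A", "B", 50.0),         # chain: A, then B
    ("PERSON_X", "C", 25.0), ("PERSON_X", "D", 25.0),  # minority stakes only
    ("C", "E", 50.0), ("D", "E", 50.0),                # E owned by C and D
    ("PERSON_X", "F", 30.0), ("PERSON_Y", "F", 25.0),  # aggregate of 55%
]

if __name__ == "__main__":
    result = ownership_exposure(LISTED, HOLDINGS)
    for entity, (pct, flagged) in sorted(result.items()):
        print(f"{entity}: {pct:.0f}% held by blocked parties, blocked={flagged}")
```

Entities C and D appear in the output with a sub-threshold stake, which is the population a reviewer would want to monitor for later changes in ownership.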
Calibrating False-Positive Rates
The biggest operational lever in any sanctions program is fuzzy matching configuration. Tighter matching produces fewer alerts but risks missing genuine hits. Looser matching catches more but drowns the team in noise.
The disciplined approach is to calibrate per data field. Personal name matching benefits from looser matching combined with secondary criteria (date of birth, country of residence, transaction context). Entity name matching often works better with tighter matching plus aggressive use of legal entity identifiers and registration numbers where available.
Quarterly review of disposition data should drive ongoing calibration. The closed alerts contain the information needed to identify which match patterns produce repeatable false positives, and where rules can be tightened or whitelists applied.
The Role of Whitelists
Whitelisting is one of the most controversial controls in sanctions screening. The case for whitelisting is operational: many genuine customers share names with sanctioned individuals, and rescreening the same false-positive match every day is wasteful. The case against whitelisting is risk-based: every whitelist entry is, in effect, a permanent decision to suppress an alert that the system thinks is a potential match.
The right balance is to whitelist conservatively, with tight scope (whitelist a specific name combined with specific corroborating data, not the name alone), with documented justification, and with periodic refresh of every whitelist entry against updated list data.
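One way to implement a tightly scoped whitelist entry of the kind described above, as an added example (not code from the original article). The record fields, identifiers and the 180-day refresh period are assumptions of this sketch; the sample records are constructed.

```python
import hashlib
import json
from datetime import date, timedelta

REFRESH_AFTER = timedelta(days=180)  # assumed refresh period; the article sets none

def fingerprint(record):
    """Stable hash of a record, so any change to its data is detectable."""
    canon = json.dumps(record, sort_keys=True, ensure_ascii=False)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def make_entry(customer, list_entry, justification, approved_on):
    if not justification.strip():
        raise ValueError("whitelist entry requires a documented justification")
    return {"customer_id": customer["id"], "list_entry_id": list_entry["id"],
            "customer_fp": fingerprint(customer), "list_fp": fingerprint(list_entry),
            "justification": justification, "approved_on": approved_on}

def suppresses(entry, customer, list_entry, today):
    """Return (suppress, reason); only the exact reviewed pair is suppressed."""
    if (customer["id"], list_entry["id"]) != (entry["customer_id"], entry["list_entry_id"]):
        return False, "different customer or list entry"
    if fingerprint(list_entry) != entry["list_fp"]:
        return False, "list entry changed since review"
    if fingerprint(customer) != entry["customer_fp"]:
        return False, "customer data changed since review"
    if today - entry["approved_on"] > REFRESH_AFTER:
        return False, "entry overdue for refresh"
    return True, "whitelisted"

# Constructed sample records; identifiers and names are illustrative only.
CUSTOMER = {"id": "CUST-1", "name": "John Sample", "dob": "1985-03-14", "country": "DE"}
NAMESAKE = {"id": "CUST-2", "name": "John Sample", "dob": "1961-07-30", "country": "AE"}
LIST_V1 = {"id": "LIST-0001", "name": "John Sample", "dob": "1962-11-02", "aliases": []}
LIST_V2 = dict(LIST_V1, aliases=["J. Sample"], dob="1985-03-14")  # entry later amended
ENTRY = make_entry(CUSTOMER, LIST_V1, "DOB differs from list entry; ID document verified",
                   date(2024, 1, 10))

if __name__ == "__main__":
    for cust, lst, day in [(CUSTOMER, LIST_V1, date(2024, 2, 1)),
                           (NAMESAKE, LIST_V1, date(2024, 2, 1)),
                           (CUSTOMER, LIST_V2, date(2024, 2, 1)),
                           (CUSTOMER, LIST_V1, date(2025, 1, 10))]:
        print(cust["id"], lst["aliases"], day, suppresses(ENTRY, cust, lst, day))
```

Because the entry is keyed to record fingerprints rather than to the name, a namesake customer or an amended list entry re-raises the alert instead of inheriting the earlier decision.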
Sanctions Evasion Indicators
The biggest current sanctions risk for most firms is not the customer who appears on a list. It is the customer or transaction that has been deliberately structured to evade sanctions. Common evasion patterns include:
Routing through third countries with weaker enforcement, particularly using the UAE, Türkiye, certain Central Asian jurisdictions, and Hong Kong as transit points for Russia, Iran, and DPRK-related activity.
Use of front companies and complex ownership structures to obscure the connection to sanctioned principals.
Shipping and trade documentation manipulation, including AIS being switched off, ship-to-ship transfers, falsified bills of lading, and dual-use goods being shipped under cover of legitimate consumer products.
Cryptocurrency-based evasion, including use of mixers, privacy coins, and exchanges in non-cooperating jurisdictions to move value across the sanctions perimeter.
These patterns are often invisible to name-based screening. Detection depends on transaction monitoring, trade-finance review, and explicit sanctions evasion typology rules.
The Bottom Line
Sanctions screening is a discipline, not a tool. The technology matters, but the program-level disciplines (list coverage, screening cadence, fuzzy-match calibration, escalation clarity, disposition documentation, and active management of evasion typologies) are what determine whether the program detects the exposures that matter and clears the noise that does not.
For a structured prompt to assess a transaction or customer for sanctions-evasion indicators alongside other AML red flags, the Red Flag Check assessment tool covers OFAC, OFSI, UN, and EU frameworks across all four standard scenarios.
Related typology: Sanctions evasion frequently overlaps with trade-based money laundering, in which trade documentation is misrepresented to move value or goods across the sanctions perimeter.